Difference between revisions of "Main Page"

From ForensicsWiki
m
m (WIKI NEWS)
Line 16: Line 16:
 
<h2 style="margin:0; background-color:#ffff33; font-size:120%; font-weight:bold; border:1px solid #afa3bf; text-align:left; color:#000; padding-left:0.4em; padding-top:0.2em; padding-bottom:0.2em;"> Featured Forensic Research </h2>
 
<h2 style="margin:0; background-color:#ffff33; font-size:120%; font-weight:bold; border:1px solid #afa3bf; text-align:left; color:#000; padding-left:0.4em; padding-top:0.2em; padding-bottom:0.2em;"> Featured Forensic Research </h2>
  
<small>Mar 2012</small>
+
<small>Aug 2012</small>
 
+
 
<bibtex>
 
<bibtex>
@inproceedings{Walls:2011a,
+
@misc{apple,
Audio_Url = {http://prisms.cs.umass.edu/brian/pubs/Walls.hotsec.2011.mp3},
+
abstract="With the launch of Mac OS X 10.7 (Lion), Apple has introduced a volume encryption mechanism known as FileVault 2. Apple only disclosed marketing aspects of the closed-source software, e.g. its use of the AES-XTS tweakable encryption, but a publicly available security evaluation and detailed description was unavailable until now.. We have performed an extensive analysis of FileVault 2 and we have been able to find all the algorithms and parameters needed to successfully read an encrypted volume. This allows us to perform forensic investigations on encrypted volumes using our own tools. In this paper we present the architecture of FileVault 2, giving details of the key derivation, encryption process and metadata structures needed to perform the volume  decryption. Besides the analysis of the system, we have also built a library that can mount a volume encrypted with FileVault 2. As a contribution to the research and forensic communities we have made this library open source. Additionally, we present an informal security evaluation of the system and comment on some of the design and implementation features. Among others we analyze the random number generator used to create the recovery password. We have also analyzed the entropy of each 512-byte block in the encrypted volume and discovered that part of the user data was left unencrypted",
Author = { Robert J. Walls and Brian Neil Levine and Marc Liberatore and Clay Shields},
+
author="Omar Choudary and Felix Grobert and Joachim Metz",
Booktitle = {Proc.\ USENIX Workshop on Hot Topics in Security (HotSec)},
+
year=2012,
Keywords = {forensics; security},
+
month=Aug,
Month = {August},
+
url="http://eprint.iacr.org/2012/374.pdf"
Slides_Url = {http://prisms.cs.umass.edu/brian/pubs/rjwalls.hotsec.2011.slides.pdf},
+
}
Sponsors = {CNS-1018615, CNS-0905349, DUE-0830876, 2008-CE-CXK005},
+
Title = {{Effective Digital Forensics Research is Investigator-Centric}},
+
Url = {http://prisms.cs.umass.edu/brian/pubs/Walls.hotsec.2011.pdf},
+
Video_Url = {http://prisms.cs.umass.edu/brian/pubs/Walls.hotsec.2011.mp4},
+
Year = {2011},
+
Bdsk-Url-1 = {http://prisms.cs.umass.edu/brian/pubs/Walls.hotsec.2011.pdf}}
+
</bibtex>
+
Many technical mechanisms across computer security for attribution, identification, and classification are neither sufficient nor necessary for forensically valid digital investigations; yet they are often claimed as useful or necessary. Similarly, when forensic research is evaluated using the viewpoints held by computer security venues, the challenges, constraints, and usefulness of the work is often misjudged. In this paper, we point out many key aspects of digital forensics with the goal of ensuring that research seeking to advance the discipline will have the highest possible adoption rate by practitioners. We enumerate general legal and practical constraints placed on forensic investigators that set the field apart. We point out the assumptions, often limited or incorrect, made about forensics in past work, and discuss how these assumptions limit the impact of contributions.
+
 
+
* [https://www.usenix.org/conference/hotsec11/effective-digital-forensics-research-investigator-centric Usenix Presentation]
+
* [http://prisms.cs.umass.edu/brian/pubs/rjwalls.hotsec.2011.slides.pdf Slides]
+
* [http://prisms.cs.umass.edu/brian/pubs/Walls.hotsec.2011.pdf paper]
+
 
+
 
(See also [[Past Selected Articles]])
 
(See also [[Past Selected Articles]])
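Review bot: the new `@misc{apple,` entry carries `abstract`, `author`, `year`, `month` and `url` but no `title` field, so the featured citation has nothing to show between the author list and the date; add the paper's title to the entry. The abstract also has a doubled period in "unavailable until now.. We". On the visible lines the closing `</bibtex>` appears only next to the removed `Walls:2011a` fields, so confirm the new revision still closes the tag after the `}` of the new entry. The replacement also drops the summary paragraph and the presentation, slides and paper links without an equivalent visible link to http://eprint.iacr.org/2012/374.pdf outside the bibtex block.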
  

Revision as of 22:02, 7 August 2012

This is the Forensics Wiki, a Creative Commons-licensed wiki devoted to information about digital forensics (also known as computer forensics). We currently list a total of 725 pages.

Much of computer forensics is focused on the tools and techniques used by investigators, but there are also a number of important papers, people, and organizations involved. Many of those organizations sponsor conferences throughout the year and around the world. You may also wish to examine the popular journals and some special reports.


WIKI NEWS

2012-feb-25: We continue to have problems with our hosting provider and are in the process of identifying a new one. Thank you for your patience.

Featured Forensic Research

Aug 2012

Omar Choudary, Felix Grobert, Joachim Metz -
, August 2012
http://eprint.iacr.org/2012/374.pdf